Monday March 17, 2014
As the first-ever technical workshop devoted to bitcoin research convened on the island of Barbados on 7th March, it was clear from the outset that several academic papers would be exploring various methods to compensate for bitcoin’s inherent lack of anonymity.
For now, it’s an academic endeavour, but it underlies the fundamental principle known as ‘freedom of transaction’.
The International Financial Cryptography Association (IFCA), which organised the conference, has been at the center of this research work for 18 years. The burgeoning field of applied cryptography drives the mathematical science that makes digital anonymous value, and its transfer, possible.
At IFCA, CRYPTO, and other global conferences, cryptographers routinely assemble to present various theories and protocols that will allow a digital currency unit to emulate the privacy features of paper cash.
As applied to bitcoin specifically, these privacy-enhancing protocols can be organized into a taxonomy of mixing services for policymakers.
Tools against surveillance

Last year, Mercatus duo Jerry Brito and Andrea Castillo published “Bitcoin: A Primer for Policymakers” which touched only lightly on the advanced research into the privacy layers above bitcoin.
However, the privacy around bitcoin address data is no different than the privacy provided by Tor for anonymous web browsing and ultimately just as important for liberty and human dignity. Also similar to Tor, the network becomes more useful and robust as the level of adoption increases.
Just as Tor prevents people from learning your location or browsing habits, bitcoin privacy extensions prevent people from learning your bitcoin amounts and spending habits.
Tor assists in defending yourself against network surveillance and traffic analysis, while bitcoin assists in defending yourself against financial surveillance.
Adopted from “The First 3 Generations of Bitcoin Mixing” by Kristov Atlas, the following taxonomy provides a fundamental guide for practitioners as bitcoin spreads itself into each and every monetary regime existing within artificially-delineated boundaries.
Before various governments like Jordan, Singapore, Iran, and Russia decide to ban bitcoin outright, or significantly restrict its usage, they need to be aware of the potential limitations to such regulation and attempted surveillance.
Centralized mixing services

The first generation of bitcoin mixers operated as a standalone service where you could send your bitcoin, pay a small fee, and then receive different bitcoin than the ones that were sent. These were some of the earliest and most rudimentary bitcoin mixing services.
The successful bitcoin anonymization of these services depended on the total number of users and coins available for mixing, which is why larger exchange sites and bitcoin shopping platforms were used more frequently. If an exchange was large enough, bitcoin could be deposited and withdrawn without being traded – effectively mixing the customer’s original coins.
Additional considerations of centralized mixing services are that you must trust the service not to steal your bitcoin and you must trust the service to protect your bitcoin from external theft.
Similar to VPNs, you must also trust the service not to maintain logs of the bitcoin address mixing and not to sell or turn over such records, both of which are difficult to verify.
Peer-based mixers

In an attempt to address the problems of a centralized model, the next generation of mixers relied on a ‘team’ of bitcoin users who all want to mix their coins together, gathering at the same place and time on the Internet.
Rather than a mixing service receiving bitcoin from a customer and performing the mixing itself, these peer-based mixers simply act as a meeting place for users to orchestrate mixing amongst themselves.
This model solves the problem of theft, because without a third party holding the coins, the service is trustless. Protocols such as CoinJoin, SharedCoin, and CoinSwap allow multiple bitcoin users to get together, crafting a single bitcoin transaction in multiple stages, and sending their bitcoin to each other’s destination addresses.
Other than the mixing server, none of the participants need to know the relationship between their starting address and destination address. This can be performed multiple times with multiple parties to further complicate traffic analysis of the block chain.
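To make the CoinJoin idea concrete, the following simulation is an added illustration, not code from the article or from Atlas’s taxonomy. It builds a single transaction in which four constructed participants each contribute one input and receive one equal-denomination output (plus change where needed), and then performs the amount-based analysis an observer of the block chain could do: the equal-denomination outputs can be traced back to any of the inputs, while a change output whose value matches exactly one input minus the denomination and fee share is linked to that input alone. All names, addresses and amounts are constructed; the address labels contain participant names only so the output is readable.

```python
"""Simulated CoinJoin and observer-side linkability analysis.

Added example; not code from the article or from the CoinJoin projects.
Addresses and amounts are constructed. Amounts are in satoshis.
"""
import random
from collections import Counter
from dataclasses import dataclass

SATS_PER_BTC = 100_000_000
DENOM = 1 * SATS_PER_BTC   # every participant receives exactly one 1 BTC output
FEE_SHARE = 10_000         # each participant's share of the miner fee (constructed)


@dataclass(frozen=True)
class TxIn:
    address: str
    value: int


@dataclass(frozen=True)
class TxOut:
    address: str
    value: int


@dataclass
class Transaction:
    inputs: list
    outputs: list

    @property
    def fee(self) -> int:
        return sum(i.value for i in self.inputs) - sum(o.value for o in self.outputs)


# Constructed participants: (funding address, funding value, mixed destination, change destination)
PARTICIPANTS = [
    ("in:alice", 120_000_000, "mix:alice", "chg:alice"),   # 1.2 BTC
    ("in:bob",   100_010_000, "mix:bob",   "chg:bob"),     # exactly 1 BTC + fee share, no change
    ("in:carol", 150_000_000, "mix:carol", "chg:carol"),   # 1.5 BTC
    ("in:dave",  120_000_000, "mix:dave",  "chg:dave"),    # 1.2 BTC, same as Alice
]


def build_coinjoin(participants, seed: int = 7) -> Transaction:
    """Merge every participant's input and outputs into one transaction.

    The coordinator only assembles the pieces; it never holds the coins.
    Output order is shuffled so position in the transaction reveals nothing.
    """
    inputs, outputs = [], []
    for funding_addr, value, mix_addr, change_addr in participants:
        if value < DENOM + FEE_SHARE:
            raise ValueError(f"{funding_addr} cannot cover the denomination plus fee")
        inputs.append(TxIn(funding_addr, value))
        outputs.append(TxOut(mix_addr, DENOM))
        change = value - DENOM - FEE_SHARE
        if change > 0:
            outputs.append(TxOut(change_addr, change))
    rng = random.Random(seed)
    rng.shuffle(inputs)
    rng.shuffle(outputs)
    return Transaction(inputs, outputs)


def owner_map(participants) -> dict:
    """What the coordinator (or each participant for their own coins) knows."""
    return {addr: funding for funding, _, mix, chg in participants for addr in (mix, chg)}


def analyse(tx: Transaction) -> dict:
    """Observer-side analysis using only what the block chain shows.

    Returns, for each output address, the set of input addresses that could
    have funded it on the basis of amounts alone.
    """
    denom, n_mixed = Counter(o.value for o in tx.outputs).most_common(1)[0]
    fee_share = tx.fee // n_mixed            # observer infers the per-participant fee
    links = {}
    for out in tx.outputs:
        if out.value == denom:
            # Any input large enough could be behind a standard-denomination output.
            links[out.address] = {i.address for i in tx.inputs if i.value >= denom + fee_share}
        else:
            # A change output only fits inputs whose surplus equals it exactly.
            links[out.address] = {i.address for i in tx.inputs
                                  if i.value - denom - fee_share == out.value}
    return links


if __name__ == "__main__":
    tx = build_coinjoin(PARTICIPANTS)
    for addr, candidates in sorted(analyse(tx).items()):
        print(f"{addr:10} anonymity set = {len(candidates)}: {sorted(candidates)}")
```

Running it shows an anonymity set of four for every mixed output, one for Carol’s change, and two for the identical change amounts of Alice and Dave. That is why peer-based mixers favour equal denominations, and why repeating the mixing with different parties, as the article notes, further complicates block chain traffic analysis.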
Also, according to Atlas, peer-based mixing solves the problem of record-keeping, because:
“Cryptographic primitives such as cryptographic blinding, zero-knowledge proofs (ZKPs), and Succinct Non-interactive Arguments of Knowledge (SNARKs) can improve on peer-based mixing protocols so that, not only do the peers not need to know about each other’s destination address, but the mixing server helping to orchestrate the mixing doesn’t know it, either.”

Atlas refers to this approach as ‘blind mixing’.
Anonymous altcoins

Altcoins are cryptocurrencies derived from the Bitcoin protocol with some slightly modified properties.
Atlas believes that cryptocurrency exchanges featuring various altcoins can be incorporated into block chain-based technologies to form peer-to-peer exchanges. He states that “once anonymous altcoins and decentralized exchanges are deployed, we will see these altcoins being used as off-ramps from and on-ramps to bitcoin, essentially acting as mixers.”
Improvements over the second generation of mixers include further decentralization of the mixing process, by outsourcing the processing load to the altcoin’s distributed network rather than relying only on the mixing server, and a vastly larger user ‘anonymity set’.
Leading the charge of anonymous altcoins is the Zerocoin team, which includes cryptographers Matthew Green and Ian Miers. After deciding to avoid the engineering complications of implementing Zerocoin on top of bitcoin, Green and his team began working on a standalone altcoin implementation dubbed ‘Zerocash’.
Miers presented the Zerocash paper, “Rational Zero: Economic Security for Zerocoin with Everlasting Anonymity”, at the IFCA Bitcoin Workshop. Another privacy-enhancing paper, “Increasing Anonymity in Bitcoin”, was presented by Amitabh Saxena.
Atlas correctly states that bitcoin core developers have so far been reluctant to incorporate mixing technologies directly into the core protocol. Aside from being politically unpalatable, it would also add computational overhead and potential complication, leaving the option of services outside of the core protocol as the primary method for maintaining fungibility and user-defined privacy.
Notably, bitcoin core developer Mike Hearn says that an upcoming version of bitcoinj will route all connections to the bitcoin network over Tor’s anonymity network.